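def login(self):
    """Authenticate a JSON login request and establish the user's identity.

    The request body must be a JSON object with ``username`` and
    ``password`` keys.  On success the headers returned by ``remember``
    are appended to the response, a ``LoggedIn`` event is sent through the
    registry, and the result of ``self.user_json(user)`` is returned.

    Raises:
        HTTPBadRequest: the body is not parseable JSON, is not a JSON
            object, or lacks ``username`` / ``password``.
        HTTPUnauthorized: no user matches the login name, or the password
            check fails.  Both cases deliberately share one response so the
            status code does not reveal which login names exist.
    """
    try:
        body = self.request.json_body
    except ValueError:
        # Malformed or undecodable JSON is a client error; without this the
        # parse failure would surface as an unhandled exception.
        raise HTTPBadRequest()
    # A JSON array or scalar is valid JSON but not a credential object; the
    # key checks below would be meaningless (or raise TypeError) on it.
    if not isinstance(body, dict):
        raise HTTPBadRequest()
    if 'username' not in body or 'password' not in body:
        raise HTTPBadRequest()
    username = body['username']
    password = body['password']

    # Prefer an application-registered locator, fall back to the default.
    user_locator = self.request.registry.queryMultiAdapter(
        (self.context, self.request), IUserLocator)
    if user_locator is None:
        user_locator = DefaultUserLocator(self.context, self.request)

    user = user_locator.get_user_by_login(username)
    # NOTE(review): an unknown login skips check_password entirely, so the
    # two failure paths may differ in response time even though the status
    # is identical.  Nothing in this block logs or throttles failed
    # attempts; confirm that is handled elsewhere.
    if user is None or not user.check_password(password):
        raise HTTPUnauthorized()

    headers = remember(self.request, get_oid(user))
    self.request.response.headerlist.extend(headers)
    self.request.registry.notify(
        LoggedIn(username, user, self.context, self.request))
    return self.user_json(user)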
def velruse_login_complete_view(self):
    """Finish a third-party (velruse) login and redirect the browser.

    The local login name is ``<domain>_<userid>``, built from the first
    account in the provider profile.  A known user is authenticated via
    ``remember`` and redirected to the performer linked to them.  An unknown
    user gets no authentication headers; selected profile fields are stored
    in the session and the browser is sent to ``create_profile``.

    Returns:
        HTTPFound: redirect to the performer or to the profile-creation view.
    """
    context = self.context
    request = self.request
    profile = context.profile
    # Everything read from ``profile`` originates with the identity provider;
    # a missing key or an empty accounts list raises here.
    first_account = profile['accounts'][0]
    domain, username, userid = (
        first_account['domain'],
        first_account['username'],
        first_account['userid'],
    )
    # Qualifying the provider's user id with its domain keeps identical ids
    # issued by different providers from mapping to one local login.
    sd_userid = f'{domain}_{userid}'

    root = root_factory(request)
    locator = request.registry.queryMultiAdapter(
        (root, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(root, request)
    user = locator.get_user_by_login(sd_userid)

    if user is not None:
        objectmap = find_objectmap(root)
        # NOTE(review): raises IndexError when the user has no linked
        # performer; confirm that state cannot occur or handle it.
        performer = list(objectmap.sources(user, PerformerToUser))[0]
        location = request.resource_url(performer)
        return HTTPFound(location, headers=remember(request, get_oid(user)))

    # First visit: stash provider-supplied values for the create_profile view.
    photos = profile.get('photos')
    if photos:
        # NOTE(review): this URL is provider-controlled and stored as-is;
        # whichever view consumes it should validate it before use.
        request.session['photo_url'] = photos[0]['value']
    request.session['userid'] = sd_userid
    realname = profile['displayName']
    request.session['profilename'] = username
    request.session['realname'] = realname
    return HTTPFound(request.resource_url(root, 'create_profile'), headers=[])
def velruse_login_complete_view(context, request):
    """Finish a third-party (velruse) login, creating the account on first use.

    The first account's ``username`` from the provider profile is used as
    the local login name.  If no such user exists, a user and a
    ``Performer`` are created and filled from the profile, the user is
    granted ``yss.edit-profile`` on the performer, and the browser is sent
    to the performer's ``edit.html``.  Otherwise it is sent to the existing
    performer.  In both cases the user is authenticated via ``remember``.

    Returns:
        HTTPFound: redirect carrying the authentication headers.
    """
    # Read but not used anywhere below.
    provider = context.provider_name
    profile = context.profile
    # NOTE(review): the login name is the bare provider username, with no
    # provider or domain qualifier.  If more than one provider is enabled,
    # the same username at two providers would resolve to one local account;
    # confirm a single provider is configured or qualify the key.
    username = profile['accounts'][0]['username']

    root = root_factory(request)
    locator = request.registry.queryMultiAdapter(
        (root, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(root, request)
    user = locator.get_user_by_login(username)

    if user is not None:
        location = request.resource_url(root['performers'][username])
    else:
        registry = request.registry
        principals = find_service(root, 'principals')
        user = principals.add_user(username, registry=registry)
        performer = registry.content.create('Performer')
        # The provider-supplied username also becomes the container key.
        root['performers'][username] = performer
        performer.title = profile['displayName']

        addresses = profile.get('addresses')
        if addresses:
            formatted = addresses[0]['formatted']
            user.email = formatted
            performer.email = formatted

        photos = profile.get('photos')
        if photos:
            performer.photo_url = photos[0]['value']

        performer.age = colander.null
        performer.sex = None
        user.favorite_genre = None
        performer.user = user
        # Only the owning user may edit this performer's profile.
        set_acl(performer, [(Allow, user.__oid__, ['yss.edit-profile'])])
        location = request.resource_url(performer, 'edit.html')

    auth_headers = remember(request, get_oid(user))
    return HTTPFound(location, headers=auth_headers)
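def login(context, request):
    """Render and process the management-interface login form.

    On a submitted form the CSRF token is checked, the user is looked up by
    login name and the password verified.  Success clears the stored
    ``sdi.came_from`` value, sends a ``LoggedIn`` event and redirects to the
    URL remembered in the session.  Any failure flashes an error and the
    form is rendered again.

    Returns:
        HTTPForbidden: the request targets the auditstream SSE view.
        HTTPFound: redirect with authentication headers after a good login.
        dict: template values for rendering the login form otherwise.
    """
    login_url = request.sdiapi.mgmt_path(request.context, 'login')
    referrer = request.url
    if '/auditstream-sse' in referrer:
        # If we're being invoked as the result of a failed request to the
        # auditstream sse view, bail.  Otherwise the came_from will be set to
        # the auditstream URL, and the user who this happens to will
        # eventually be redirected to it and they'll be left scratching their
        # head when they see e.g. "id: 0-10\ndata: " when they log in
        # successfully.
        return HTTPForbidden()
    if login_url in referrer:
        # never use the login form itself as came_from
        referrer = request.sdiapi.mgmt_path(request.virtual_root)
    # setdefault keeps the first remembered target across failed attempts.
    came_from = request.session.setdefault('sdi.came_from', referrer)
    login = ''
    password = ''
    if 'form.submitted' in request.params:
        try:
            check_csrf_token(request)
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit.  A failed token check still only flashes.
            request.session.flash('Failed login (CSRF)', 'error')
        else:
            login = request.params['login']
            password = request.params['password']
            adapter = request.registry.queryMultiAdapter(
                (context, request), IUserLocator)
            if adapter is None:
                adapter = DefaultUserLocator(context, request)
            user = adapter.get_user_by_login(login)
            if user is not None and user.check_password(password):
                request.session.pop('sdi.came_from', None)
                headers = remember(request, get_oid(user))
                request.registry.notify(
                    LoggedIn(login, user, context, request))
                return HTTPFound(location=came_from, headers=headers)
            # One message for unknown user and wrong password alike.
            # NOTE(review): failed attempts are only flashed to the session;
            # nothing here logs or throttles them.
            request.session.flash('Failed login', 'error')

    # Pass this through FBO views (e.g., forbidden) which use its macros.
    template = get_renderer(
        'substanced:sdi/views/templates/login.pt').implementation()
    # NOTE(review): after a failed attempt the submitted password is handed
    # back to the template; confirm the template does not echo it into the
    # rendered page.
    return dict(
        url=request.sdiapi.mgmt_path(request.virtual_root, '@@login'),
        came_from=came_from,
        login=login,
        password=password,
        login_template=template,
    )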
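def internal_login(context, request):
    """Render and process the internal (username/password) login form.

    On a submitted form the CSRF token is checked, the user is looked up by
    login name and the password verified.  A user with a linked performer is
    authenticated via ``remember`` and redirected to that performer.  Every
    failure flashes a message and falls through to re-render the form.

    Returns:
        HTTPFound: redirect with authentication headers after a good login.
        dict: ``login``, ``password`` and ``login_url`` for the form template.
    """
    login = ''
    password = ''
    if 'form.submitted' in request.POST:
        try:
            check_csrf_token(request)
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit.  A failed token check still only flashes.
            # NOTE(review): this branch flashes through request.sdiapi while
            # the others use request.session; confirm that is intended.
            request.sdiapi.flash('Failed login (CSRF)', 'danger')
        else:
            login = request.POST['login']
            password = request.POST['password']
            root = request.root
            adapter = request.registry.queryMultiAdapter(
                (root, request), IUserLocator)
            if adapter is None:
                adapter = DefaultUserLocator(root, request)
            user = adapter.get_user_by_login(login)
            # Unknown user and wrong password share one message so the form
            # does not reveal which login names exist.
            if user is None or not user.check_password(password):
                request.session.flash('Bad username or password', 'danger')
            else:
                # NOTE(review): LoggedIn is sent before the performer lookup,
                # so subscribers see a login even when the lookup fails below
                # and no authentication headers are issued.
                request.registry.notify(
                    LoggedIn(login, user, context, request))
                objectmap = find_objectmap(root)
                try:
                    performer = list(
                        objectmap.sources(user, PerformerToUser))[0]
                except IndexError:
                    request.session.flash(
                        'No performer associated with account', 'danger')
                else:
                    headers = remember(request, get_oid(user))
                    location = request.resource_url(performer)
                    return HTTPFound(location, headers=headers)
    # NOTE(review): after a failed attempt the submitted password is handed
    # back to the template; confirm the template does not echo it into the
    # rendered page.
    return {
        'login': login,
        'password': password,
        'login_url': request.resource_url(
            request.virtual_root, '@@internal_login'),
    }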